A directory traversal vulnerability exists in Xerver HTTP Server v4.32. An attacker can exploit this vulnerability to traverse directories and execute arbitrary code on the vulnerable system. An attacker can also exploit this vulnerability to inject malicious JavaScript code into the vulnerable system.
Xerver v4.32 is a Windows based HTTP server. This is the latest version of the application available. Xerver v4.32 is vulnerable to a remote denial of service through following means. Xerver ships with a web based configuration program, essentially making this DoS remote if and when the Remote Setup is running. The admin package runs on port 32123 and does not require any form of authentication to make changes to the server configuration. If the HTTP Server port is set to any kind of letter combination, the server will crash and be unable to be restarted unless the configuration file is manually edited to remove the letters and put back to a number (ie. 80).
This vulnerability allows remote attackers to execute arbitrary PHP code on vulnerable installations of Network Management/Inventory System. Authentication is not required to exploit this vulnerability.
Zainu is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the underlying database and execute arbitrary SQL commands.
Mambo com_koesubmit 1.0.0 is vulnerable to a Remote File Inclusion vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the mosConfig_absolute_path parameter. This can allow an attacker to execute arbitrary code on the vulnerable system.
A Blind SQL Injection vulnerability exists in Joomla 1.5 Jreservation Component for hotel booking system. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information from the database.
A vulnerability exists in NEPHP publisher version 3.5.9 or lower, which allows an attacker to bypass the login page by using a valid username and a single quote followed by a hash (#) as the password. An attacker can also use ' or 1='1'# as the username and any password to bypass the login page. A live demo of the exploit is available at http://andhracafe.com/admin/index.php. The default username is Administrator.
FMyClone V2.3 is vulnerable to multiple SQL injection attacks. The vulnerable URLs are http://localhost/exploit/FMyClone%20V2.3/index.php?comp=[SQLi/BSQL], http://localhost/exploit/FMyClone V2.3/edit.php?act=comment&comp=2&id=[SQLi] and http://localhost/exploit/FMyClone%20V2.3/editComments.php?comp=1%27+union+all+select+1,2,@@version,4,5,6,7,8,9,10,11--+. The first two URLs require admin privileges to exploit.
A SQL injection vulnerability exists in CF ShopKart version 5.4 beta or lower. The affected variable is 'item' and an example of the exploit is http://demo.cfshopkart.com/index.cfm?carttoken=E48384J091709064002&action=ViewDetails&itemid=-928+union+all+select+concat(@@version,user(),database()),2--+. The results of the second query can be seen in the <title> tag.
A vulnerability has been discovered in Changetrack, which can be exploited by malicious, local users to gain escalated privileges. The application does not properly escape certain file names, which can be exploited to inject and execute arbitrary shell commands (potentially with "root" privileges) by creating a maliciously named file in a directory tracked by Changetrack. Successful exploitation requires write privileges to a directory scanned by Changetrack.
Services By CQR